Malware Analysis Report

2025-06-16 07:06

Sample ID 240531-tbnzlsdb6y
Target 0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe
SHA256 5268f6d5820e881f6eee60a353e184c2148588aa2441ffcb4146be1a9bd3adab
Tags
upx ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

5268f6d5820e881f6eee60a353e184c2148588aa2441ffcb4146be1a9bd3adab

Threat Level: Likely malicious

The file 0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

upx ransomware

Renames multiple (578) files with added filename extension

Renames multiple (5100) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-31 15:53

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-31 15:53

Reported

2024-05-31 15:55

Platform

win7-20240221-en

Max time kernel

150s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe"

Signatures

Renames multiple (578) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\SecretST.TTF.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\pt-br.txt.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\jsprofilerui.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\instrument.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\fi.txt.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\hy.txt.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\perf_nt.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\yo.txt.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\va.txt.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe"

Network

N/A

Files

memory/2812-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

MD5 3e6ebb1d10c062624872850cc8404e19
SHA1 cd52d71d0f53fa8874b6eb4dbea32eeda650662c
SHA256 e2733fb4a7092dee99a4de26864d63e6e3004effcc22eeb14e1116e5cc9b3a98
SHA512 802f0dc775a29fa259ddf7cb58c357de01a51ddc6affc3ac5ee557758308d4ffdf709b08bf11232bf4b50291d467a87bdf4f79b81877267a98d756a42bf23d13

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b3b3d05e72fd3e3f75140148d771620b
SHA1 7d6ccfd3fe1dea8de7740efb641e94ec84b48805
SHA256 0a7d91b50eabbf8fd2a480dee7c39f4e8834cf0ee53168c3b91752eef8c2a2ec
SHA512 39400ecb670ef84477f6d73a1fd19cc27d008579c3911b90e48ade4a701eaaef2a46436da2d8e8e62337f8d1adfbeb426003822e86e98f3fb9c904aae52aefaf

memory/2812-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-31 15:53

Reported

2024-05-31 15:55

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe"

Signatures

Renames multiple (5100) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\msquic.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\nl.txt.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART6.BDR.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_f4\FA000000005.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1036\MSO.ACL.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.DataExtensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHART.DLL.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\PUSH.WAV.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL115.XML.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\meta-index.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OsfTaskengine.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.v4.0.Utilities.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Tar.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\7-Zip\Lang\hi.txt.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\0f2ef4f5c4b3d3f67cfb70e6ea8bd670_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 74.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 89.90.14.23.in-addr.arpa udp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 97.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

memory/2672-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 eeb8bffe0cd9fcff6c129329b80780a3
SHA1 5e84a0533f9f69fdcf29e128389d36cfac4b209b
SHA256 ec29925bc23d0a0a94407e7bdc0ac2ce77f63569966cb877d3e618c18d85cb0c
SHA512 7a917bf0044ff43a1f88a985286c49562463b905a3f9835aeab5dea6ebac05d5cba98dff6a4d2b5bb6d6402cd56e661d8579c6edf89a0f8870cf3173ccf6155d

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 6a17cc154c7a6a252cc83e4a7883e8bb
SHA1 84d4cfe04f6be031f70baca4adc96d8e25cb37a1
SHA256 161a4642087df62f2594d69507fedf60e7c16360d021daf058dc78504596b2e2
SHA512 bfa163fd5b6fc30772742e43323acb71ceffbe0c848a4d8ce08cb0e9c3d76339f89e91f95043f6d7bb1b036725f319acb5d2102e91fbeaba3a697f56599c9b63

memory/2672-1790-0x0000000000400000-0x000000000040B000-memory.dmp